Top

Summary

Prevalence: High

Name: Worm.Win32.VB.bi

Type: Worm

How it spreads: Email Attachments

Affected operating: Windows

Aliases: Nyxem.D, Kama Sutra,W32.Blackmal.E@mm,CME-24 ,WORM

Date of surface: 17 January 2006

Description

This is a mass mailing worm that spreads through file sharing networks and lowers security settings on the compromised computers.

It arrives as an Email-Attachments with the following extensions in Zipped format:

Attachments00.HQX
WinZip.BHX
Video_part.mim
eBook.Uu
Attachments001.BHX
3.92315089702606E02.UUE
Original Message.B64
Word_Document.uu
Sex.min
WinZip Quick Pick.exe
HRM_AF.exe

Subject lines may be any of the following:
Kama Sutra pics
Miss Lebanon 2006
School girl fantasies gone bad
The Best Videoclip Ever
Re: Sex Video
Fw:Sexy
eBook.pdf
Re:
Word File
Hello
Fwd:Crazy illegal Sex!
the file
Fw:SeX.mpg

It copies itself with some of the following filenames:

\Rundll16.exe
\scanregw.exe
\Winzip.exe
\Update.exe
\WinZip_Tmp.exe
\New WinZip File.exe
movies.exe
Zipped Files.exe























Recovery

You have to remove the virus. You need to do one of the following things:

1) The latest virus vaccine update of eScan removes the worm from your system. Ensure that Internet access for your system is running. Right click on and click Download eScan update. The latest updates are downloaded,your system is scanned and the worm is removed.

OR

2) Download the free MicroWorld Anti Virus Toolkit (MWAV Tool Kit). The tool checks your machine for viruses. If any illegal dialers or sniffer tools have been installed they are detected.


MWAV Tool Kit
(Download the free MicroWorld Anti Virus Toolkit that detects viruses in system registry and running processes)

Link 1
Link 2
Link 3

eScan Internet Security Suite (ISS)
(Download MicroWorld`s eScan that detects viruses in system registry,running processes and has a real time monitor)

Link 1
Link 2
Link 3
Link 4
Link 5
Link 6

Advanced

This is a mass mailing worm that spreads through file sharing networks and lowers security settings on the compromised computers.

Also there is a new variant Email-Worm.Win32.Nyxem.e that has shown similar behavior as Email.Worm.Win32.VB.bi.

It arrives as an Email-Attachments with the following extensions in Zipped format:

Attachments00.HQX
WinZip.BHX
Video_part.mim
eBook.Uu
Attachments001.BHX
3.92315089702606E02.UUE
Original Message.B64
Word_Document.uu
Sex.min
WinZip Quick Pick.exe
HRM_AF.exe

Subject lines may be any of the following:

Fw:Sexy
eBook.pdf
Re:
Word File
Hello
Fwd:Crazy illegal Sex!
the file
Fw:SeX.mpg

It copies itself with some of the following filenames:

\Rundll16.exe
\scanregw.exe
\Winzip.exe
\Update.exe
\WinZip_Tmp.exe
\New WinZip File.exe
movies.exe
Zipped Files.exe